Monday, August 4, 2014

Disabling Exchange 2010 ActiveSync, OWA, POP, IMAP or MAPI access for mailboxes with PowerShell

I’ve recently I came to one scenario, my customer asked me for disabling setting up an Outlook profile for users mailboxes.  The first thought that I had was that we could simply disable MAPI access via the Mailbox Features tab in the Exchange Management Console.  

The challenge was that there are thousands of users and manually clicking in the GUI to disable the MAPI feature wasn’t the best choice so we turned to PowerShell.

The 2 cmdlets we’ll be using to turn off MAPI access are the following:
The first Get-Mailbox is to retrieve the mailboxes which will then be piped into the Set-CASMailbox cmdlet. 

The following is an example of retrieving all of the mailboxes from a mailbox database then piping it into the set cmdlet to disable MAPI: 

Get-Mailbox -Database "DB1" | Set-CASMailbox -MAPIEnabled $false

Note that if you have more than 1000 objects returned from the Get-Mailbox cmdlet then you will receiving the warning:
I’ve ran this cmdlet in a few environments and noticed that it applies the changes to more than 1000 objects but just to be the safe, I usually run it with the additional -ResultSize unlimited switch: 

Get-Mailbox -Database "DB1" -ResultSize unlimited | Set-CASMailbox -MAPIEnabled $false
Note the warning message:
There are more results available than are currently displayed. To view them, increase the value for the ResultSize parameter.
You can change this limit of 1000 objects returned setting as shown in the following article:

Click on the Recipient Configuration node on the left Modify the Maximum Number of Recipients link on the right:
The GUI may not be the most optimal way of reviewing the configuration change so going back to PowerShell, you can use the following cmdlet to list all of the recipient objects in a store with their mailbox feature settings:
Get-Mailbox -Database "DB1" -ResultSize unlimited | Get-CASMailbox
If the list is too long, you can either use the | more command at the end as such:
Get-Mailbox -Database "DB1" -ResultSize unlimited | Get-CASMailbox | more
Get-Mailbox -Database "DB1" -ResultSize unlimited | Get-CASMailbox > C:\mailboxfeatures.txt

Note that to disable or enable the other features, simply replace -MAPIEnabled with any of the following:
  • ActiveSyncEnabled
  • OWAEnabled
  • PopEnabled
  • ImapEnabled

No comments:

Post a Comment